2009-10-21

One of the times when many emacs-users still reach for vi is when editing
system configuration files – the stuff in /etc/, etc. I think that is
because of the now mostly false impression that emacs startup is slow, and
because people don't want to run such an open-ended program as emacs as root.

There is truth in that last point – but it applies just as well to, say,
vim. Anyway, running emacs as root is not a good idea.

So how can we do it? Easy! Using the tramp package (included with
GNU/Emacs since version 22), you can run emacs as a normal user, but edit
root-and-other-owned files. It does its magic using sudo, but you won't
normally notice. It does require you to have sudo-rights of course.

How does this work? Well, instead of

C-x C-f /etc/hosts

to open a file as a normal user, you use:

C-x C-f /sudo:root@localhost:/etc/hosts

or even shorter, as noted by Alexander Kojevnikov (because Tramp defaults to
root@localhost):

C-x C-f /sudo::/etc/hosts

It asks for a password - and you should use your user password for that (not
the root password!). This usually works fine, but due to the way Tramp works, it
can get confused if root has some very weird command prompt. If
so, you can of course configure tramp. Also note that sudo usually remembers
that you logged in, and does not require you to re-enter your password when
opening ('visiting') another file for some time period – but you can change
this. See sudo(8).

This automatically invokes tramp which does all the magic for you. If you
don't like the somewhat longer (pseudo)paths for files, you can of course use
the emacs bookmarks facility. After you load the file, you can use it like any
other file.

Note, this is only one of the many useful things you can do with Tramp. Tramp
was actually written for editing files on remote machines (using ssh or
other protocol), and I very happily used it to edit files on some European
machine whilst in Australia. It caches the file locally, and only sends it
over when you save it, so it is very fast – it simply makes you forget your file
is so far away.

Now the only thing I'm missing is that often I need to edit a config file on a remote host but can only ssh to that host as a user and have to do sudo on the remote host so that I'm allowed to edit the file. Does anybody know if this works with tramp too?

@Rörd thanks, multihop works for that purpose, I got it working after some fiddling.

A minor inconvenience is that apparently one has to specify the hosts one wants to sudo on beforehand in the tramp-default-proxies-alist variable and can not use the multi: method anymore as described here: http://www.gnu.org/software/emacs/manual/html_node/tramp/Multi_002dhop-filename-syntax.html

Anyway, opening up remote files like this /sudo:example.com:/etc/hosts works now, yeah!
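
The tramp-default-proxies-alist setup mentioned in the comment above could look like the following init-file fragment. This is an added example, not code from the post or from the commenter; example.com is the host name used in the comment, and which hosts to list is an assumption to adapt.

```elisp
;; Added example: remote sudo through an ssh hop, configured in the init file.
(require 'tramp)

;; Each entry is (HOST USER PROXY). HOST and USER are regexps matched
;; against the file name being opened; PROXY is the hop Tramp makes
;; first. In PROXY, %h is replaced by the matched host name.

;; Narrow form: only root on example.com is reached via ssh + sudo.
;; Tramp logs in over ssh as your ordinary user, then runs sudo there,
;; so the remote host never needs to accept root logins over ssh.
(add-to-list 'tramp-default-proxies-alist
             '("\\`example\\.com\\'" "\\`root\\'" "/ssh:%h:"))

;; General form: any host (HOST = nil matches everything) when the
;; target user is root. Listing hosts one by one, as above, keeps the
;; set of machines you can become root on explicit.
(add-to-list 'tramp-default-proxies-alist
             '(nil "\\`root\\'" "/ssh:%h:"))

;; Exceptions for the local machine, so that /sudo::/etc/hosts and
;; /sudo:root@localhost:/etc/hosts keep using plain local sudo instead
;; of ssh-ing to yourself. add-to-list puts new entries at the front
;; and the first matching entry wins, so these must be added last.
(add-to-list 'tramp-default-proxies-alist
             '((regexp-quote (system-name)) nil nil))
(add-to-list 'tramp-default-proxies-alist
             '("\\`localhost\\'" nil nil))

;; After evaluating this:
;;   C-x C-f /sudo:example.com:/etc/hosts
;; asks for your ssh credentials on example.com (if needed) and then
;; for your own password for sudo on that host.
```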

@Dave: well, you want to do as little as possible with root privs, for security reasons or simply safety against user screw-ups. A (theoretical) exploit in e.g. gnus or w3m would be much more serious when running as root.

@Dave: this is just some cautionary paranoia against big, open-ended programs; I guess it correlates with size/complexity/maturity/ etc., but it's hard to quantify. Not running as root may help a bit, so we might as well do that.

@Dave: I usually list emacs as one of my Operating Systems in my skillset. That's a lot of power to use on just editing a file, unless you get in and get out. Even the /sudo::/ trick leaves you a tiny bit vulnerable.